CVEs from 2017
Total
11,606
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15207 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | |||
| CVE-2017-15206 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | |||
| CVE-2017-15205 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. | |||
| CVE-2017-15204 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | |||
| CVE-2017-15203 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | |||
| CVE-2017-15202 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | |||
| CVE-2017-15201 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | |||
| CVE-2017-15200 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | |||
| CVE-2017-15199 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | |||
| CVE-2017-15198 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | |||
| CVE-2017-15197 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | |||
| CVE-2017-15196 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | |||
| CVE-2017-15195 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | |||
| CVE-2017-1000110 | medium | 4.3 | 4.3 | 9y ago | Improper Authentication in Jenkins Blue Ocean Plugin | |||
| CVE-2017-1000087 | medium | 4.3 | 4.3 | 9y ago | Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs | |||
| CVE-2017-9794 | medium | 4.3 | 4.3 | 9y ago | Apache Geode gfsh query vulnerability | |||
| CVE-2017-1555 | medium | 4.3 | 4.3 | 9y ago | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | |||
| CVE-2017-12157 | medium | 4.3 | 4.3 | 9y ago | Moodle sensitive information disclosure | |||
| CVE-2017-1002024 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. | |||
| CVE-2017-8739 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects i… | |||
| CVE-2017-8736 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8735 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that M… | |||
| CVE-2017-8733 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-8724 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, … | |||
| CVE-2017-8723 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg… | |||
| CVE-2017-8648 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "M… | |||
| CVE-2017-8643 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Micro… | |||
| CVE-2017-8597 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka… | |||
| CVE-2017-12213 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyn… | |||
| CVE-2017-2258 | medium | 4.3 | 4.3 | 9y ago | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | |||
| CVE-2017-6785 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalatio… | |||
| CVE-2017-6783 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attack… | |||
| CVE-2017-6772 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitiv… | |||
| CVE-2017-7674 | medium | 4.3 | 4.3 | 9y ago | The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig… | |||
| CVE-2017-1377 | medium | 4.3 | 4.3 | 9y ago | IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874. | |||
| CVE-2017-1357 | medium | 4.3 | 4.3 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. | |||
| CVE-2017-8662 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability… | |||
| CVE-2017-8659 | medium | 4.3 | 4.3 | 9y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2017-3651 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. E… | |||
| CVE-2017-10218 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitabl… | |||
| CVE-2017-10217 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitabl… | |||
| CVE-2017-10208 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows… | |||
| CVE-2017-10205 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily expl… | |||
| CVE-2017-10195 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.8. Easily exploitable vulnerab… | |||
| CVE-2017-10175 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6.… | |||
| CVE-2017-10160 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-10150 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.… | |||
| CVE-2017-10133 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerabil… | |||
| CVE-2017-10132 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability… | |||
| CVE-2017-10123 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability a… | |||
| CVE-2017-10105 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows … | |||
| CVE-2017-10081 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. … | |||
| CVE-2017-10071 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1… | |||
| CVE-2017-10022 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… | |||
| CVE-2017-10018 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10009 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-10008 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-10007 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-5246 | medium | 4.3 | 4.3 | 9y ago | Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in doub… | |||
| CVE-2017-7531 | medium | 4.3 | 4.3 | 9y ago | Moodle Information Disclosure | |||
| CVE-2017-5001 | medium | 4.3 | 4.3 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… | |||
| CVE-2017-5000 | medium | 4.3 | 4.3 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… | |||
| CVE-2017-1157 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. | |||
| CVE-2017-1326 | medium | 4.3 | 4.3 | 9y ago | IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the… | |||
| CVE-2017-9505 | medium | 4.3 | 4.3 | 9y ago | Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confl… | |||
| CVE-2017-8555 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certai… | |||
| CVE-2017-8523 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to c… | |||
| CVE-2017-8504 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered respo… | |||
| CVE-2017-8498 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browse… | |||
| CVE-2017-1099 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. | |||
| CVE-2017-2180 | medium | 4.3 | 4.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | |||
| CVE-2017-8441 | medium | 4.3 | 4.3 | 9y ago | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data… | |||
| CVE-2017-2162 | medium | 4.3 | 4.3 | 9y ago | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless … | |||
| CVE-2017-7488 | medium | 4.3 | 4.3 | 9y ago | Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. | |||
| CVE-2017-7491 | medium | 4.3 | 4.3 | 9y ago | Moodle Cross-Site Request Forgery (CSRF) | |||
| CVE-2017-0231 | medium | 4.3 | 4.3 | 9y ago | A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2017-0894 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars… | |||
| CVE-2017-1141 | medium | 4.3 | 4.3 | 9y ago | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | |||
| CVE-2017-2116 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | |||
| CVE-2017-2115 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | |||
| CVE-2017-2095 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | |||
| CVE-2017-2094 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | |||
| CVE-2017-2093 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | |||
| CVE-2017-2091 | medium | 4.3 | 4.3 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | |||
| CVE-2017-5046 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5041 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5040 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5033 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3560 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x… | |||
| CVE-2017-3552 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are… | |||
| CVE-2017-3481 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and … | |||
| CVE-2017-3473 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3465 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3464 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily… | |||
| CVE-2017-1152 | medium | 4.3 | 4.3 | 9y ago | IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Forc… | |||
| CVE-2017-7217 | medium | 4.3 | 4.3 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. | |||
| CVE-2017-0208 | medium | 4.3 | 4.3 | 9y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2017-0203 | medium | 4.3 | 4.3 | 9y ago | A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web … | |||
| CVE-2017-0192 | medium | 4.3 | 4.3 | 9y ago | The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Win… | |||
| CVE-2017-3817 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for a… |